Password managers: cross-platform and browser integration

Daniel Stout2011-05-05T22:29:42+00:00

LastPassWhitson Gordon of Lifehacker has an article today talking about alternatives to the online password manager LastPass. LastPass noticed a traffic anomaly on their network that they couldn’t explain, and they decided to be proactive. Just in case people’s passwords got stolen, some users were required to change their master password. It sounds like LastPass did the right thing. With recent articles detailing security questions about DropBox and cloud computing in general, people are a little bit jumpy about personal data stored online. LastPass uses end-to-end encryption though so your passwords are encrypted with a master password that you specify before they are sent to the LastPass servers.

The first alternative password manager that’s mentioned in the Lifehacker article is KeePass. I’ve been using KeePass for two years, and it works well. It’s a free and open source application, but it’s written in C# and .NET. It’s been ported to various platforms including mobile devices. I use it on Windows and also on Linux running with Mono, which is an open source implementation of Microsoft’s .NET technology.

KeePass has a somewhat technical interface, and the casual user may prefer a more polished option like 1Password. 1Password costs about $40 and used to only run on Apple products but now has Windows and Android versions, although it looks like Linux is not an option.

KeePass’ days as a cross-platform Wunderkind may be numbered. Mono, which is necessary to run KeePass on Linux, is a project of Novell, Inc., who also produce the SUSE Enterprise Linux distribution. Novell was recently sold, and as this post on ZDNet indicates, Mono is being shut down. All 30 developers working on Mono appear to be without a job at this point, which pretty clearly indicates that Mono is dead in the water. Microsoft doesn’t produce non-Windows versions of .NET or C#. If you’re using Mono to run KeePass or other .NET applications on Linux, then it may be time to assess your options.

Which brings us back to LastPass. LastPass is built seemingly with a similar philosophy as DropBox. They keep it simple and make it run everywhere. LastPass also has much better web browser integration than KeePass, which is an attractive feature. LastPass is free to use, but they also offer a premium version for $12/year. They have versions for basically any computer or mobile device you’d care to run it on. At the moment, their servers are getting hit with heavy traffic because of people changing their passwords. But if you’re looking for an easy, secure way to keep passwords synced across your computers and devices, then check out LastPass.

Balancing usability and security with your passwords

Daniel Stout2011-05-05T06:26:58+00:00

Thomas BaekdalIn 2007, Thomas Baekdal, a Dane, wrote a simple article on his website entitled The Usability of Passwords. It inspired a lot of debate. His main thesis was that complex passwords are difficult to remember and may reduce actual security if you have to write it down or have some other means of remembering it. He suggests using three or more unusual words separated by special characters as a more secure password strategy. According to his analysis, multiple words used in conjunction with spaces or other special characters can be more secure than a shorter, more complex password.

Baekdal suggests that the approach of most IT departments is incorrect in this fashion. That is, passwords are typically checked strictly for complexity. Most password checkers that measure the strength of a given password simply use a method that matches upper and lower-case letters, numbers, symbols and so on. The more variety, the higher the security rating. But using a long password with multiple words that are easily remembered may be more effective.

Given the mix of opinions and questions regarding his idea, Baekdal followed up his original article with a useful explication of Frequently Asked Questions. This page gets more into the heart of the use and practice of online passwords. One point he makes several times is that the end user can only keep their password secure enough that someone can’t hack them through the website. But if someone hacks the web or database server that stores the password then the user’s security may be worthless. Therefore, from the server perspective, it is up to the server admin to devise a secure method of storing the passwords of a website’s users. If your password is stored on the server in plain text, then a hacked server will result in a hacked password. The user then is just responsible for devising a password strong enough to prevent someone from hacking it via the website and has no control over how a given website will store their password on the server.

In a follow-up article published last month, Baekdal makes further distinctions between the hacking of online and offline passwords. He also introduces the notion that when a server is hacked, the people who have to worry the most are the ones who use the same password for every site they visit. If you use a different password for your most commonly visited sites, then the collateral damage, to use Baekdal’s term, is limited. He uses the example of the Gawker Media break-in. People who had a unique password for Gawker’s websites could have a comment posted, say, on in their name, but that’s about the extent of it. But the hacked passwords were posted online along with email addresses, and those users who had used the same password on multiple sites had a much bigger headache to deal with.

Overall, these three pieces by Mr. Baekdal make for an interesting read if you’re interested in maintaining secure systems. He challenges conventional wisdom about what makes a good password and defends his idea well.

Cutting the cord: Ownership of TV sets falls in U.S.

Daniel Stout2011-05-03T21:50:46+00:00

Brian Stelter writes in the New York Times that, according to Nielsen, ownership of TVs in the U.S. has fallen for the first time in 20 years. It went from a boggling 98.9% of households down to 96.7%. That is, 3.3% of households don’t have a television. According to this U.S. Census PDF, there were an estimated 114,825,000 households in the U.S. in 2010. So, 3.3% of that number is roughly 3,789,225 households without a TV.

The Nielsen Company thinks that the drop is mostly due to two demographic groups: 1) the rural poor who are increasingly unable to afford satellite service, digital TVs, etc. and 2) young people recently out of college who have decided to “cut the cord.” Poor people – whether rural or urban – are at a distinct disadvantage in today’s TV world. In 2009, TV stations stopped broadcasting analog signals in the U.S. Inexpensive tube TVs no longer exist or can’t carry digital content. Flat-screen LCD TVs are significantly more expensive than the CRT (tube) TV sets they replaced. Cable service has also increased in price at the basic levels and increasingly people opt for more expensive “tiers” of channels. So while wages have remained stagnant, the total cost of ownership of a television has gone significantly up.

It would be interesting to compare the rise of prices in the television industry as a whole with the rise of prices in the cellular phone industry. That is, as TV ownership costs have increased, so have cell phone costs. Most cell phone companies offer smartphones as the default choice, and non-smartphone cell phones are unavailable or available in only a couple of different models. Instead of paying for voice only, one pays for voice, texts, data, and so on. There are still some low-cost options for cell phones, such as prepaid plans, but overall the cost to consumers is rising in cell phones as well.

I sold my TV four years ago and haven’t looked back. My household is part of that 3.8 million that don’t have a TV. If I guess that an average household spends $60 a month on television service, that’s about $3,000 I didn’t spend on TV in four years. That’s a worthwhile cost incentive although that wasn’t my primary motivation for getting rid of the TV. When the internet was growing, there were reports that TV viewership had decreased, but it’s been climbing in recent years. Americans are spending more time watching television, especially those over the age of 65.

In my personal experience, there is a growing third and also a fourth demographic of people who don’t own TVs. The third demographic is an urban dweller who is neither poor nor right out of college and is someone who simply chooses to do without. Cities in and of themselves can be stimulation. The bigger the city, in my anecdotal evidence, the more likely they will be without a TV. The fourth demographic not mentioned by Nielsen are religious conservatives who choose not to watch TV for moral reasons. I know people in the third demographic and consider myself part of it, and I know people in the fourth demographic as well. How big are these groups? Relatively small if you look at the big picture. Most people own a TV, but several million more people in the U.S. are learning or choosing not to live with a TV.

What technology tools do you use?

Daniel Stout2011-05-02T20:13:22+00:00

For a little over two years, The Setup has been profiling people of various walks who use technology in a significant way. There are four simple questions of which the purpose is to determine who the person is and what technology tools they use whether hardware, software, devices, etc. It’s an interesting look behind the scenes to see what people use to get their work done. People interviewed range from Gina Trapani to Jeffrey Zeldman to Warren Ellis. You can get at a list of everyone who has been interviewed on the Archives page.

This is not the first site to capture information about people’s tools. Flickr has had a variety of photo pools over the years cataloging what’s in people’s bags and such. Or here’s a site taking a look at what’s on the desks of creative people.

It’s a humanizing thing. Partly, you can see what other people use to get things done. But also you can read the stories behind the choices that led people to use a given tool. The Setup features technology tools used by technology-oriented people. It’s amazing to see how much penetration Apple has with the movers and shakers. Another trend that plays out on The Setup is the use of laptops. Even if people have a large, freestanding screen on their desk, more often than not it’s connected to a laptop.

So if you’ve got a few minutes to spare, go over and check out The Setup. It’s one of those little diversions that make the web such a fun place.

What AudioQuest doesn’t want you to know about Thunderbolt

Daniel Stout2011-05-01T22:08:08+00:00

Thunderbolt TechnologyIntel in conjunction with Apple have released a new connection standard called Thunderbolt. It’s more than 20x faster than USB 2.0. It’s fast. But there’s one key piece of information that’s of interest to audiophiles in particular. Buried in the list of attributes of Thunderbolt is this little nugget:

Low latency with highly accurate time synchronization

This means that Thunderbolt will make the best digital audio connection possible. High-end audio reviewers, whether online or in magazines, spend a lot of time talking about jitter. You’d think the world was awash in poorly timed digital connections. The audio experts like to pass their expert judgments. But here’s a simple fact. Most of the people writing for audiophile magazines are over the age of 40. They simply don’t get the changes that have come and continue to come in nature of the high-end audio system. You have people claiming that one lossless file sounds different from the same lossless file.

High-end audio makes its money selling to older customers who want to show off. How else can you explain $1,000 power cords? But the lie and deception in all of that comes clean with digital audio. You have some high-end cable makers saying their very expensive USB cables are worth the money because surely “it’s more than just ones and zeros.” In fact, no, it isn’t, but the FUD (Fear, Uncertainty, Doubt) in high-end audio advertising makes it clearly apparent that audio manufacturers have their own interests in mind and not their customers.

A clear example of a 40+ year old reviewer weighing in his expert opinion that CD quality, if it’s on a computer, is not as good as CD quality if it’s on a CD. Talk about stuck in the ’80s. Here’s Steve Guttenberg in his own words:

So while lossless audio compression (FLAC or Apple Lossless for example) can be “expanded” to produce an exact digital duplicate of the original audio stream, that’s not necessarily the same thing as sounding exactly like an uncompressed WAV file or a CD. To my ears lossless files add a glare or edge to the music and flatten the soundstage. Please don’t misunderstand, I think FLAC or Apple Lossless sound perfectly fine, just not on par with a CD, when played on a high-end audio system.

Here’s a guy that just doesn’t understand modern technology. He’s approaching digital audio from an analog mindset, and he gets it exactly and completely wrong. He’s supposed to be the expert, and he’s trying to stay relevant.

So back to Thunderbolt. In short, Thunderbolt, as a low latency and tightly clocked interconnect, will completely eliminate the need for expensive cables, as digital technology already has. You can be certain that some will find some fault to justify their salaries. The experts will opine that the past was better. But Thunderbolt will bring in a new age for the digital music server. High-end audio will be accessible more than ever. And with a superior connection method, we can dispense with the FUD and look forward to an incredible sounding future.

Don’t believe what you read; believe what you hear.

Thunderbolt is just now making its way into the market. You’ll find it on some Apple laptops at the moment and by 2012 it’ll be in a lot more places. If you’re thinking about buying a media server or a HTPC (home theater PC), I’d say hold off a year if you can. Thunderbolt promises to make the best of the audio on your computer. Are you playing CD-quality FLAC files or Apple Lossless? Or perhaps you’ve discovered a source for hi-res audio. Maybe 24/96. That appears to be the emerging standard. Once the record companies dispense for good with the CD, we can move forward into full CD quality audio from iTunes (someday!) and hopefully, the availability of 24/96 files for those with the equipment to play it.

Some people won’t pay for music. But many people will. Record Store Day is proof of that. But who wants souvenirs? We want quality music and modern technology. Is that too much to ask? I don’t think so, and I don’t think it’s unreasonable to say no to $100 audio interconnects. Thunderbolt is the proof. Do it cheap. Do it fast. And do it on time. That’s the magic of modern high-end audio. Get some nice speakers. Get a nice amplifier. But put all that music on your hard drive and stream away!